[2018-07-06] PseudoGate->RigEK->SmokeLoader

July 06, 2018

Overview

The Fiddler session archive (.saz) for this capture is 2018-07-06_12-27-24.saz

(Analysis result using EKFiddle: screenshot not reproduced in this text)

Malware

SmokeLoader

a021999d1153d87f8f21eb98fe4d34dd3d6b38eed28b831c0b5302f630e482c3
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//www.gaibandhachamberbd.com/en/
↓
[RIG Exploit Kit][Landing Page]
http[:]//188.225.10.225/?NjE2MTAx&EPAOqFfetrma&yuKbkPESwslJnh=c2Vh&pdAZSD=c2My&ta24ds4=SwZllY0MAVlG8K3_ikXQnxWVh5TX_BHZaA4X-ZHHHbU50FnznbJAech0whLU4WVQz-ktYl4gpQlR2arI&EuNflTwnOkfTfPX=c2hha2U=&KFgDrARA=c2My&uvJOcQmYR=Zmx5&CHHOsm=cmVzb3J0&fdf43f=xH3QMrLYbRzFFYHfKP_EUKZEMUvWA0KKwY2Zha3VF5qxFDLGpbf1FxnspV6dCF6EmvdvdLEHIweh1UbA&qcUOSeV=Zmx5&UtTOPhDZmwfc=c2Vh&UTVFUguzYRR=c3BvcnQ=&frONmhHaWOD=cmVzb3J0&oQmOxPkhR=c2My
↓
[RIG Exploit Kit][SWF Payload]
http[:]//188.225.10.225/?OTMxNzE=&eZIAPFRUtVghJWt&fdf43f=xH3QMrXYbRvFFYbfKPjEUKZEMUzWA0WKwYqZharVF5qxFDXGpbD1Fx7spVmdCFmEmvBvdLEHIweh1UbASwZl&URkVyxmxLRH=c3BvcnQ=&UlcWeB=c2hha2U=&gaJEyWckNJsQE=Zmx5&Ejwlncab=cmVzb3J0&nkiGdF=Y2F0cw==&ta24ds4=lYoMAVlG8K3_ikXQnxKVh5TX_BbZaA4X-ZbHHbI50F7znbVAec90whLU4WVQz-ktU1kT5gkUmKr7VaKO-0RA&QyGuYcnSeBIaq=Zmx5&yHbGmr=c2My&ZoTpdVnTo=cmVzb3J0&AIvebusUKwQXqf=cmVzb3J0&lOOQmK=cmVzb3J0&HnxKApPcXQ=bW9uZXk=
↓
[RIG Exploit Kit][Malware Payload]
http[:]//188.225.10.225/?MzY1ODAx&DeJWHsWkLUbL&fdf43f=x33QdfWYaRyPDojDM__dTaFBMUzOGUePwYqfn7DSF52oeDakz7CSEBzw6V6tTjvSgfBOKbZUIgCyiRqDOQY0mOFeEFlK8_6qkEKVzU6YwJSy-RGJa&WUakgiHlUdgcL=cmVzb3J0&snWGqjNJ=bW9uZXk=&ykrkFfzBaJGZ=Zmx5&ATpPOwVOXxeCz=bWF0Y2h1cA==&ta24ds4=AkU-8GWQbI83Azxy7IRc50jzhKF6jRUze5JUVMTswkVn_zIH6XLqUh0UkZgVVnNJp11ohjBBiTgNTpwgvOLQz1xme3K8vRwn5Mt0S6vmgtpaS-7yw&IaCsXRaEqLh=c3BvcnQ=&kdQkoWtWhnaoqLn=c3BvcnQ=&BBqEcd=bW9uZXk=&gscVOYJM=c2hha2U=&oVVkfZaqoWJke=cmVzb3J0&omxzSCZ=c2Vh&oHGzLDJeQGKhQxQ=c3BvcnQ=
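The three RIG EK URLs above share a recognisable shape: a bare leading token, a set of parameters with random names whose values are short base64 strings, and a couple of long opaque blobs. The following Python is an added example, not code from the original post or from EKFiddle; it refangs the defanged URLs, splits the query string, and base64-decodes each value (or the bare token) to show that the short values are plain dictionary words ("sea", "fly", "resort", "sport", ...) while the leading token is a short numeric string. Function names and the `decoy_words`/`chain_decoys` helpers are my own; the URLs are copied from the chain above.

```python
import base64
import binascii
from typing import List, Optional, Set, Tuple
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the three RIG EK URLs from the traffic chain above,
# kept defanged exactly as the post lists them.
LANDING_URL = (
    "http[:]//188.225.10.225/?NjE2MTAx&EPAOqFfetrma&yuKbkPESwslJnh=c2Vh&pdAZSD=c2My"
    "&ta24ds4=SwZllY0MAVlG8K3_ikXQnxWVh5TX_BHZaA4X-ZHHHbU50FnznbJAech0whLU4WVQz-ktYl4gpQlR2arI"
    "&EuNflTwnOkfTfPX=c2hha2U=&KFgDrARA=c2My&uvJOcQmYR=Zmx5&CHHOsm=cmVzb3J0"
    "&fdf43f=xH3QMrLYbRzFFYHfKP_EUKZEMUvWA0KKwY2Zha3VF5qxFDLGpbf1FxnspV6dCF6EmvdvdLEHIweh1UbA"
    "&qcUOSeV=Zmx5&UtTOPhDZmwfc=c2Vh&UTVFUguzYRR=c3BvcnQ=&frONmhHaWOD=cmVzb3J0&oQmOxPkhR=c2My"
)
SWF_URL = (
    "http[:]//188.225.10.225/?OTMxNzE=&eZIAPFRUtVghJWt"
    "&fdf43f=xH3QMrXYbRvFFYbfKPjEUKZEMUzWA0WKwYqZharVF5qxFDXGpbD1Fx7spVmdCFmEmvBvdLEHIweh1UbASwZl"
    "&URkVyxmxLRH=c3BvcnQ=&UlcWeB=c2hha2U=&gaJEyWckNJsQE=Zmx5&Ejwlncab=cmVzb3J0&nkiGdF=Y2F0cw=="
    "&ta24ds4=lYoMAVlG8K3_ikXQnxKVh5TX_BbZaA4X-ZbHHbI50F7znbVAec90whLU4WVQz-ktU1kT5gkUmKr7VaKO-0RA"
    "&QyGuYcnSeBIaq=Zmx5&yHbGmr=c2My&ZoTpdVnTo=cmVzb3J0&AIvebusUKwQXqf=cmVzb3J0&lOOQmK=cmVzb3J0"
    "&HnxKApPcXQ=bW9uZXk="
)
PAYLOAD_URL = (
    "http[:]//188.225.10.225/?MzY1ODAx&DeJWHsWkLUbL"
    "&fdf43f=x33QdfWYaRyPDojDM__dTaFBMUzOGUePwYqfn7DSF52oeDakz7CSEBzw6V6tTjvSgfBOKbZUIgCyiRqDOQY0mOFeEFlK8_6qkEKVzU6YwJSy-RGJa"
    "&WUakgiHlUdgcL=cmVzb3J0&snWGqjNJ=bW9uZXk=&ykrkFfzBaJGZ=Zmx5&ATpPOwVOXxeCz=bWF0Y2h1cA=="
    "&ta24ds4=AkU-8GWQbI83Azxy7IRc50jzhKF6jRUze5JUVMTswkVn_zIH6XLqUh0UkZgVVnNJp11ohjBBiTgNTpwgvOLQz1xme3K8vRwn5Mt0S6vmgtpaS-7yw"
    "&IaCsXRaEqLh=c3BvcnQ=&kdQkoWtWhnaoqLn=c3BvcnQ=&BBqEcd=bW9uZXk=&gscVOYJM=c2hha2U="
    "&oVVkfZaqoWJke=cmVzb3J0&omxzSCZ=c2Vh&oHGzLDJeQGKhQxQ=c3BvcnQ="
)


def refang(url: str) -> str:
    """Turn a defanged indicator (http[:]//, hxxp) back into a parseable URL."""
    return url.replace("[:]", ":").replace("hxxp", "http")


def try_b64_ascii(token: str) -> Optional[str]:
    """Decode token as standard base64 (padding restored) and return the text
    only if every byte is printable ASCII; anything else yields None.
    validate=True rejects the URL-safe '-' / '_' seen in the long blobs."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def decode_rig_query(url: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (param_name, raw_token, decoded_or_None) for every query parameter.
    Bare tokens (no '=') are treated as the value to decode; for name=value
    pairs only the value is decoded, since the names are random filler."""
    query = urlsplit(refang(url)).query
    result = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        token = value if value else name
        result.append((name, token, try_b64_ascii(token)))
    return result


def decoy_words(url: str) -> Set[str]:
    """All printable strings recovered from one URL's query string."""
    return {decoded for _, _, decoded in decode_rig_query(url) if decoded is not None}


def chain_decoys(urls: List[str]) -> List[Set[str]]:
    """Decoded word sets for each URL in a chain, in order."""
    return [decoy_words(u) for u in urls]


if __name__ == "__main__":
    for label, url in (("landing", LANDING_URL), ("swf", SWF_URL), ("payload", PAYLOAD_URL)):
        print(f"== {label} ==")
        for name, token, decoded in decode_rig_query(url):
            print(f"  {name:<18} {token[:24]:<24} -> {decoded}")
        print("  words:", sorted(decoy_words(url)))
```

Running it shows that the random parameter names change on every request while the decoded vocabulary ("fly", "resort", "shake", "sport" appear in all three requests here) does not, which is why a detector that base64-decodes short query values and matches on the recovered words holds up better than one keyed on the literal parameter names.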